SYNERGY OF BUILDING CYBERSECURITY SYSTEMS

The development of the modern world community is closely related to advances in computing resources and cyberspace. The formation and expansion of the range of services is based on the achievements of mankind in the field of high technologies. However, the rapid growth of computing resources, the emergence of a full-scale quantum computer tightens the requirements for security systems not only for information and communication systems, but also for cyber-physical systems and technologies. The methodological foundations of building security systems for critical infrastructure facilities based on modeling the processes of behavior of antagonistic agents in security systems are discussed in the first chapter. The concept of information security in social networks, based on mathematical models of data protection, taking into account the influence of specific parameters of the social network, the effects on the network are proposed in second chapter. The nonlinear relationships of the parameters of the defense system, attacks, social networks, as well as the influence of individual characteristics of users and the nature of the relationships between them, takes into account. In the third section, practical aspects of the methodology for constructing post-quantum algorithms for asymmetric McEliece and Niederreiter cryptosystems on algebraic codes (elliptic and modified elliptic codes), their mathematical models and practical algorithms are considered. Hybrid crypto-code constructions of McEliece and Niederreiter on defective codes are proposed. They can significantly reduce the energy costs for implementation, while ensuring the required level of cryptographic strength of the system as a whole. The concept of security of corporate information and educational systems based on the construction of an adaptive information security system is proposed. ISBN 978-617-7319-31-2 (on-line)ISBN 978-617-7319-32-9 (print) ------------------------------------------------------------------------------------------------------------------ How to Cite: Yevseiev, S., Ponomarenko, V., Laptiev, O., Milov, O., Korol, O., Milevskyi, S. et. al.; Yevseiev, S., Ponomarenko, V., Laptiev, O., Milov, O. (Eds.) (2021). Synergy of building cybersecurity systems. Kharkiv: РС ТЕСHNOLOGY СЕNTЕR, 188. doi: http://doi.org/10.15587/978-617-7319-31-2 ------------------------------------------------------------------------------------------------------------------ Indexing:                    Розвиток сучасної світової спільноти тісно пов’язаний з досягненнями в області обчислювальних ресурсів і кіберпростору. Формування та розширення асортименту послуг базується на досягненнях людства у галузі високих технологій. Однак стрімке зростання обчислювальних ресурсів, поява повномасштабного квантового комп’ютера посилює вимоги до систем безпеки не тільки інформаційно-комунікаційних, але і до кіберфізичних систем і технологій. У першому розділі обговорюються методологічні основи побудови систем безпеки для об'єктів критичної інфраструктури на основі моделювання процесів поведінки антагоністичних агентів у систем безпеки. У другому розділі пропонується концепція інформаційної безпеки в соціальних мережах, яка заснована на математичних моделях захисту даних, з урахуванням впливу конкретних параметрів соціальної мережі та наслідків для неї. Враховуються нелінійні взаємозв'язки параметрів системи захисту, атак, соціальних мереж, а також вплив індивідуальних характеристик користувачів і характеру взаємовідносин між ними. У третьому розділі розглядаються практичні аспекти методології побудови постквантових алгоритмів для асиметричних криптосистем Мак-Еліса та Нідеррейтера на алгебраїчних кодах (еліптичних та модифікованих еліптичних кодах), їх математичні моделі та практичні алгоритми. Запропоновано гібридні конструкції криптокоду Мак-Еліса та Нідеррейтера на дефектних кодах. Вони дозволяють істотно знизити енергетичні витрати на реалізацію, забезпечуючи при цьому необхідний рівень криптографічної стійкості системи в цілому. Запропоновано концепцію безпеки корпоративних інформаційних та освітніх систем, які засновані на побудові адаптивної системи захисту інформації. ISBN 978-617-7319-31-2 (on-line)ISBN 978-617-7319-32-9 (print) ------------------------------------------------------------------------------------------------------------------ Як цитувати: Yevseiev, S., Ponomarenko, V., Laptiev, O., Milov, O., Korol, O., Milevskyi, S. et. al.; Yevseiev, S., Ponomarenko, V., Laptiev, O., Milov, O. (Eds.) (2021). Synergy of building cybersecurity systems. Kharkiv: РС ТЕСHNOLOGY СЕNTЕR, 188. doi: http://doi.org/10.15587/978-617-7319-31-2 ------------------------------------------------------------------------------------------------------------------ Індексація:                 &nbsp

An ecological approach. The infodemic, pandemic, and COVID-19

This contribution aims at focusing on the notion of infodemic, as it has widely been used by International and Supranational institutions during the COVID-19 pandemic. For media and communication studies the analysis of the concept and its evolution is interesting from two points of view: firstly, because it allows us to question its theoretical heuristic value and secondly because it enables us to grasp a changing media ecosystem, characterised by the strong presence of social platforms. The work is divided into three parts: the first and the third describe two different stages in the use of the term infodemic by three international and supranational institutions such as the World Health Organisation, the United Nations and the European Union. The second part presents an “oriented” literature review of the platforms, analyzing the mid-term evolutions in the use of the term. The conclusions aims to assume that the turning point in the notion of infodemic is likely to be on the one hand the confirmation of the central importance acquired by platforms in the field of communication and media, on the other hand an entry point into a new season for the democratic governance of public sphere

Ransomware detection using the dynamic analysis and machine learning: A survey and research directions

Ransomware is an ill-famed malware that has received recognition because of its lethal and irrevocable effects on its victims. The irreparable loss caused due to ransomware requires the timely detection of these attacks. Several studies including surveys and reviews are conducted on the evolution, taxonomy, trends, threats, and countermeasures of ransomware. Some of these studies were specifically dedicated to IoT and android platforms. However, there is not a single study in the available literature that addresses the significance of dynamic analysis for the ransomware detection studies for all the targeted platforms. This study also provides the information about the datasets collection from its sources, which were utilized in the ransomware detection studies of the diverse platforms. This study is also distinct in terms of providing a survey about the ransomware detection studies utilizing machine learning, deep learning, and blend of both techniques while capitalizing on the advantages of dynamic analysis for the ransomware detection. The presented work considers the ransomware detection studies conducted from 2019 to 2021. This study provides an ample list of future directions which will pave the way for future research

Models, methods and information technologies of protection of corporate systems of transport based on intellectual identification of threats

In article results of researches on development of methods and models of intellectual recognition of threats to information systems of transport. The article to contain results of the researches, allowing to raise level of protection of the automated and intellectual information systems of the transportation enterprises (AISTE) in the conditions of an intensification of transportations.  The article to contain mathematical models and results of an estimation information systems having Internet connection through various communication channels. The article also considers the issues of research and protection of the AISTE under the condition of several conflict data request threads

Tackling threats to informed decision-making in democratic societies: Promoting epistemic security in a technologically-advanced world

Access to reliable information is crucial to the ability of a democratic society to coordinate effective collective action when responding to a crisis, like a global pandemic, or complex challenge like climate change. Through a series of workshops we developed and analysed a set of hypothetical yet plausible crisis scenarios to explore how technologically exacerbated external threats and internal vulnerabilities to a society’s epistemic security – its ability to reliably avert threats to the processes by which reliable information is produced, distributed, and assessed within the society – can be mitigated in order to facilitate timely decision-making and collective action in democratic societies. Overall we observed that preserving a democratic society’s epistemic security is a complex effort that sits at the interface of many knowledge domains, theoretical perspectives, value systems, and institutional responsibilities, and we developed a series of recommendations to highlight areas where additional research and resources will likely have a significant impact on improving epistemic security in democratic societie

A Recommender System in the Cyber Defense Domain

In the cyber domain, network defenders have traditionally been placed in a reactionary role. Before a defender can act they must wait for an attack to occur and identify the attack. This places the defender at a disadvantage in a cyber attack situation and it is certainly desirable that the defender out maneuver the attacker before the network has been compromised. The goal of this research is to determine the value of employing a recommender system as an attack predictor, and determine the best configuration of a recommender system for the cyber defense domain. The most important contribution of this research effort is the use of recommender systems to generate an ordered list of cyber defense actions

UNDERSTANDING THE ROLE OF OVERT AND COVERT ONLINE COMMUNICATION IN INFORMATION OPERATIONS

This thesis combines regression, sentiment, and social network analysis to explore how Russian online media agencies, both overt and covert, affect online communication on Twitter when North Atlantic Treaty Organization (NATO) exercises occur. It explores the relations between the average sentiment of tweets and the activities of Russia’s overt and covert online media agencies. The data source for this research is the Naval Postgraduate School’s licensed Twitter archive and open-source information about the NATO exercises timeline. Publicly available lexicons of positive and negative terms helped to measure the sentiment in tweets. The thesis finds that Russia’s covert media agencies, such as the Internet Research Agency, have a great impact on and likelihood for changing the sentiment of network users about NATO than do the overt Russian media outlets. The sentiment during NATO exercises becomes more negative as the activity of Russian media organizations, whether covert or overt, increases. These conclusions suggest that close tracking and examination of the activities of Russia’s online media agencies provide the necessary base for detecting ongoing information operations. Further refining of the analytical methods can deliver a more comprehensive outcome. These refinements could employ machine learning or natural language processing algorithms that can increase the precision of the sentiment measurement probability and timely identification of trolls’ accounts.Podpolkovnik, Bulgarian Air ForceApproved for public release. Distribution is unlimited

Robustness: A New US Cyber Deterrence Strategy

The growing trend of computer network attacks provokes the necessity for a comprehensive cyber deterrence strategy to deter aggressors from attacking U.S. critical infrastructure. The current U.S. cyber deterrence strategy based on punishment is ineffective in deterring aggressors as evidenced by the increasing number of computer network attacks against U.S. critical infrastructure. Therefore, the U.S. should look towards an alternative strategy based on robustness to deny enemy objectives and absorb attacks. To identify the superior cyber deterrence strategy, this study uses a qualitative assessment based on open-sourced information to evaluate the effectiveness of each strategy. The findings of this study show that a deterrence strategy centered on robustness can be more effective in deterring aggressors. As a result, the United States would be better served to reform its cyber deterrence strategy by establishing a capability to absorb computer network attacks and deny enemy objectives as a deterrent

Emerging Risks in the Marine Transportation System (MTS), 2001- 2021

How has maritime security evolved since 2001, and what challenges exist moving forward? This report provides an overview of the current state of maritime security with an emphasis on port security. It examines new risks that have arisen over the last twenty years, the different types of security challenges these risks pose, and how practitioners can better navigate these challenges. Building on interviews with 37 individuals immersed in maritime security protocols, we identify five major challenges in the modern maritime security environment: (1) new domains for exploitation, (2) big data and information processing, (3) attribution challenges, (4) technological innovations, and (5) globalization. We explore how these challenges increase the risk of small-scale, high-probability incidents against an increasingly vulnerable Marine Transportation System (MTS). We conclude by summarizing several measures that can improve resilience-building and mitigate these risks

Deteção de intrusões de rede baseada em anomalias

Dissertação de mestrado integrado em Eletrónica Industrial e ComputadoresAo longo dos últimos anos, a segurança de hardware e software tornou-se uma grande preocupação. À medida que a complexidade dos sistemas aumenta, as suas vulnerabilidades a sofisticadas técnicas de ataque têm proporcionalmente escalado. Frequentemente o problema reside na heterogenidade de dispositivos conectados ao veículo, tornando difícil a convergência da monitorização de todos os protocolos num único produto de segurança. Por esse motivo, o mercado requer ferramentas mais avançadas para a monitorizar ambientes críticos à vida humana, tais como os nossos automóveis. Considerando que existem várias formas de interagir com os sistemas de entretenimento do automóvel como o Bluetooth, o Wi-fi ou CDs multimédia, a necessidade de auditar as suas interfaces tornou-se uma prioridade, uma vez que elas representam um sério meio de aceeso à rede interna do carro. Atualmente, os mecanismos de segurança de um carro focam-se na monitotização da rede CAN, deixando para trás as tecnologias referidas e não contemplando os sistemas não críticos. Como exemplo disso, o Bluetooth traz desafios diferentes da rede CAN, uma vez que interage diretamente com o utilizador e está exposto a ataques externos. Uma abordagem alternativa para tornar o automóvel num sistema mais robusto é manter sob supervisão as comunicações que com este são estabelecidas. Ao implementar uma detecção de intrusão baseada em anomalias, esta dissertação visa analisar o protocolo Bluetooth no sentido de identificar interações anormais que possam alertar para uma situação fora dos padrões de utilização. Em última análise, este produto de software embebido incorpora uma grande margem de auto-aprendizagem, que é vital para enfrentar quaisquer ameaças desconhecidas e aumentar os níveis de segurança globais. Ao longo deste documento, apresentamos o estudo do problema seguido de uma metodologia alternativa que implementa um algoritmo baseado numa LSTM para prever a sequência de comandos HCI correspondentes a tráfego Bluetooth normal. Os resultados mostram a forma como esta abordagem pode impactar a deteção de intrusões nestes ambientes ao demonstrar uma grande capacidade para identificar padrões anómalos no conjunto de dados considerado.In the last few years, hardware and software security have become a major concern. As the systems’ complexity increases, its vulnerabilities to several sophisticated attack techniques have escalated likewise. Quite often, the problem lies in the heterogeneity of the devices connected to the vehicle, making it difficult to converge the monitoring systems of all existing protocols into one security product. Thereby, the market requires more refined tools to monitor life-risky environments such as personal vehicles. Considering that there are several ways to interact with the car’s infotainment system, such as Wi-fi, Bluetooth, or CD player, the need to audit these interfaces has become a priority as they represent a serious channel to reach the internal car network. Nowadays, security in car networks focuses on CAN bus monitoring, leaving behind the aforementioned technologies and not contemplating other non-critical systems. As an example of these concerns, Bluetooth brings different challenges compared to CAN as it interacts directly with the user, being exposed to external attacks. An alternative approach to converting modern vehicles and their set of computers into more robust systems is to keep track of established communications with them. By enforcing anomaly-based intrusion detection this dissertation aims to analyze the Bluetooth protocol to identify abnormal user interactions that may alert for a non conforming pattern. Ultimately, such embedded software product incorporates a self-learning edge, which is vital to face newly developed threats and increasing global security levels. Throughout this document, we present the study case followed by an alternative methodology that implements an LSTM based algorithm to predict a sequence of HCI commands corresponding to normal Bluetooth traffic. The results show how this approach can impact intrusion detection in such environments by expressing a high capability of identifying abnormal patterns in the considered data